178 lines
No EOL
7.4 KiB
Bash
178 lines
No EOL
7.4 KiB
Bash
#!/bin/bash
|
|
|
|
# Color definitions
|
|
RED=$'\e[0;31m'
|
|
GREEN=$'\e[0;32m'
|
|
YELLOW=$'\e[1;33m'
|
|
BLUE=$'\e[0;34m'
|
|
MAGENTA=$'\e[0;35m'
|
|
CYAN=$'\e[0;36m'
|
|
BOLD=$'\e[1m'
|
|
NC=$'\e[0m' # No Color
|
|
|
|
if ! command -v gpg &> /dev/null; then
|
|
echo "${RED}${BOLD}Error: GPG is not installed. Please install GPG to use this utility.${NC}"
|
|
exit 1
|
|
fi
|
|
|
|
echo "${BOLD}${BLUE}========================================${NC}"
|
|
echo "${BOLD}${BLUE} GPG Encrypted Message Utility ${NC}"
|
|
echo "${BOLD}${BLUE}========================================${NC}"
|
|
echo "${CYAN}1)${NC} Write (Encrypt & Sign a message)"
|
|
echo "${CYAN}2)${NC} Read (Decrypt a message)"
|
|
echo "${CYAN}3)${NC} Import and Verify someone's public key"
|
|
echo "${CYAN}4)${NC} Display My Fingerprint"
|
|
echo ""
|
|
read -p "${YELLOW}Select an option (1, 2, 3, or 4): ${NC}" option
|
|
|
|
echo ""
|
|
|
|
if [ "$option" == "1" ]; then
|
|
# WRITING / ENCRYPTING
|
|
read -p "${YELLOW}Enter the recipient's email address: ${NC}" email
|
|
if [ -z "$email" ]; then
|
|
echo "${RED}Error: Email cannot be empty.${NC}"
|
|
exit 1
|
|
fi
|
|
|
|
read -p "${YELLOW}Enter the name for the output file (e.g., secret.asc): ${NC}" outfile
|
|
if [ -z "$outfile" ]; then
|
|
echo "${RED}Error: Output file name cannot be empty.${NC}"
|
|
exit 1
|
|
fi
|
|
|
|
# Create a secure temporary file
|
|
temp_file=$(mktemp /dev/shm/secret_msg.XXXXXX 2>/dev/null || mktemp /tmp/secret_msg.XXXXXX)
|
|
|
|
echo "${BLUE}----------------------------------------${NC}"
|
|
echo "${CYAN}Opening text editor to write your secret message...${NC}"
|
|
echo "${BLUE}----------------------------------------${NC}"
|
|
|
|
# Open editor
|
|
${EDITOR:-nano} "$temp_file"
|
|
|
|
# Check if file is empty
|
|
if [ ! -s "$temp_file" ]; then
|
|
echo "${RED}Message is empty. Aborting.${NC}"
|
|
rm -f "$temp_file"
|
|
exit 1
|
|
fi
|
|
|
|
gpg --encrypt --sign --armor --recipient "$email" < "$temp_file" > "$outfile"
|
|
|
|
if [ $? -eq 0 ]; then
|
|
echo ""
|
|
echo "${GREEN}${BOLD}Success!${NC} Message encrypted and saved to '${BOLD}$outfile${NC}'."
|
|
echo "You can now safely send this file to ${BOLD}$email${NC}."
|
|
else
|
|
echo ""
|
|
echo "${RED}${BOLD}Error:${NC} Encryption failed. Make sure the recipient's key is imported and verified."
|
|
fi
|
|
|
|
# Securely delete the temporary file
|
|
shred -u "$temp_file" 2>/dev/null || rm -P "$temp_file" 2>/dev/null || rm -f "$temp_file"
|
|
|
|
elif [ "$option" == "2" ]; then
|
|
# READING / DECRYPTING
|
|
read -p "${YELLOW}Enter the path to the encrypted file (e.g., secret.asc): ${NC}" infile
|
|
|
|
if [ -z "$infile" ]; then
|
|
echo "${RED}Error: Input file path cannot be empty.${NC}"
|
|
exit 1
|
|
fi
|
|
|
|
if [ -f "$infile" ]; then
|
|
echo ""
|
|
echo "${CYAN}Decrypting message...${NC}"
|
|
echo "${BLUE}----------------------------------------${NC}"
|
|
gpg --decrypt "$infile"
|
|
echo ""
|
|
echo "${BLUE}----------------------------------------${NC}"
|
|
else
|
|
echo "${RED}Error: File '$infile' does not exist in this directory.${NC}"
|
|
fi
|
|
|
|
elif [ "$option" == "3" ]; then
|
|
# IMPORTING AND MANDATORY VERIFICATION
|
|
read -p "${YELLOW}Enter the path to the public key file you want to import (e.g., friend_key.asc): ${NC}" keyfile
|
|
|
|
if [ -z "$keyfile" ]; then
|
|
echo "${RED}Error: Key file path cannot be empty.${NC}"
|
|
exit 1
|
|
fi
|
|
|
|
if [ -f "$keyfile" ]; then
|
|
echo ""
|
|
echo "${CYAN}Importing public key from '${BOLD}$keyfile${NC}${CYAN}'...${NC}"
|
|
echo "${BLUE}----------------------------------------${NC}"
|
|
|
|
# Extract fingerprint before import to know exactly what we are dealing with
|
|
fingerprint=$(gpg --show-keys --with-colons "$keyfile" 2>/dev/null | awk -F: '/^fpr:/ {print $10; exit}')
|
|
|
|
if [ -z "$fingerprint" ]; then
|
|
echo "${RED}Error: Could not extract fingerprint from '$keyfile'. Is it a valid GPG key?${NC}"
|
|
exit 1
|
|
fi
|
|
|
|
gpg --import "$keyfile"
|
|
|
|
if [ $? -eq 0 ]; then
|
|
echo "${BLUE}----------------------------------------${NC}"
|
|
echo "${YELLOW}Key loaded into temporary memory. ${BOLD}MANDATORY VERIFICATION REQUIRED.${NC}"
|
|
echo ""
|
|
|
|
# The Verification Block
|
|
echo "${RED}${BOLD}======================================================================${NC}"
|
|
echo "${RED}${BOLD} CRITICAL SECURITY STEP ${NC}"
|
|
echo "${RED}${BOLD}======================================================================${NC}"
|
|
echo "${YELLOW}To prevent a Man-in-the-Middle (MITM) attack, you MUST verify that ${NC}"
|
|
echo "${YELLOW}the fingerprint below actually belongs to the true owner. ${NC}"
|
|
echo ""
|
|
gpg --fingerprint "$fingerprint"
|
|
echo ""
|
|
echo "${CYAN}${BOLD}INSTRUCTIONS:${NC}"
|
|
echo "${CYAN}1. DO NOT verify this using the same channel you received the key on.${NC}"
|
|
echo "${CYAN}2. Contact the person via phone, secure messenger, or in person.${NC}"
|
|
echo "${CYAN}3. Read the fingerprint above aloud and have them confirm it.${NC}"
|
|
echo "${RED}${BOLD}======================================================================${NC}"
|
|
echo ""
|
|
|
|
read -p "${YELLOW}Did you securely verify the fingerprint out-of-band? (Type 'yes' to confirm): ${NC}" verify_choice
|
|
|
|
if [[ "$verify_choice" == "yes" ]]; then
|
|
echo "${GREEN}Proceeding to signing prompt. Answer 'y' when GPG asks if you want to sign.${NC}"
|
|
echo "${BLUE}----------------------------------------${NC}"
|
|
gpg --sign-key "$fingerprint"
|
|
echo "${BLUE}----------------------------------------${NC}"
|
|
echo "${GREEN}${BOLD}If the signing was successful, this key is now fully trusted and saved.${NC}"
|
|
else
|
|
echo ""
|
|
echo "${RED}Verification aborted or failed.${NC}"
|
|
echo "${YELLOW}Security protocol requires deleting the unverified key from your keychain.${NC}"
|
|
echo "${CYAN}Removing key...${NC}"
|
|
gpg --batch --yes --delete-keys "$fingerprint"
|
|
echo "${GREEN}Key removed. Import cancelled.${NC}"
|
|
fi
|
|
else
|
|
echo "${BLUE}----------------------------------------${NC}"
|
|
echo "${RED}Error: Failed to import the key. Make sure it is a valid GPG public key file.${NC}"
|
|
fi
|
|
else
|
|
echo "${RED}Error: File '$keyfile' does not exist in this directory.${NC}"
|
|
fi
|
|
|
|
elif [ "$option" == "4" ]; then
|
|
# DISPLAY OWN FINGERPRINT
|
|
echo "${BLUE}${BOLD}======================================================================${NC}"
|
|
echo "${BLUE}${BOLD} YOUR GPG FINGERPRINTS ${NC}"
|
|
echo "${BLUE}${BOLD}======================================================================${NC}"
|
|
echo "${CYAN}Read the fingerprint below to your contact over a secure channel${NC}"
|
|
echo "${CYAN}(e.g., phone call, in person) so they can verify your identity.${NC}"
|
|
echo ""
|
|
gpg --fingerprint -K
|
|
echo ""
|
|
echo "${BLUE}${BOLD}======================================================================${NC}"
|
|
|
|
else
|
|
echo "${RED}Invalid option selected. Exiting.${NC}"
|
|
fi |